[cifs-protocol] Protocol changes in KB2992611 [115012312316449]

Obaid Farooqi obaidf at microsoft.com
Wed Feb 4 09:08:39 MST 2015 

Hi Andrew:
I have a fully patched system, Windows 8.1 enterprise. I verified that the updates include kb2992611. I joined the machine to Samba domain before patching though. I still do not see the problem. I also created a new user using active directory users and computers from my Windows machine. No issues. Logged in as the newly created user and tried credentials manger but still not issues.

Is your setup on hyper-v virtual machines? Maybe you can send me both the VHDs and I can just debug on my side to see what is happening?

I am not sure if opening credential manager generates any network traffic from workstation to DC. I did not see any when I opened credentials manager. 

Regards,
Obaid Farooqi
Escalation Engineer | Microsoft

Exceeding your expectations is my highest priority.  If you would like to provide feedback on your case you may contact my manager at nkang at Microsoft dot com

-----Original Message-----
From: Andrew Bartlett [mailto:abartlet at samba.org] 
Sent: Tuesday, February 3, 2015 11:47 AM
To: Obaid Farooqi
Cc: MSSolve Case Email; cifs-protocol at samba.org
Subject: Re: [cifs-protocol] Protocol changes in KB2992611 [115012312316449]

On Wed, 2015-02-04 at 06:43 +1300, Andrew Bartlett wrote:
> On Tue, 2015-02-03 at 15:37 +0000, Obaid Farooqi wrote:
> > Hi Andrew:
> > I am trying to reproduce the issue. So far I am unsuccessful. 
> 
> That is very odd.
> 
> > From the posts you mentioned, the credentials manager does not open 
> > if a windows 8.1 machine is joined to Samba domain and kb2992611 is 
> > applied? Just want to confirm I got this right.
> 
> Strictly, what we tested was all updates or Dec 2014 Update DVD vs no 
> updates.  The users narrowed it down to this KB however.  This is 
> Samba as an AD DC.

Also make sure that after the AD domain join, that you log in as a domain user (we used Administrator). 

> > I am using Samba 4.1.6 that Ubuntu installs.
> 
> We reproduced with git master, but the customer and users reporting 
> are running sernet-samba-4.1.11-9.el6.x86_64 on CentOS 6.5 and 4.2rc3 
> respectively.
> 
> Thanks,
> 
> Andrew Bartlett
> 
> > Regards,
> > Obaid Farooqi
> > Escalation Engineer | Microsoft
> > 
> > Exceeding your expectations is my highest priority.  If you would 
> > like to provide feedback on your case you may contact my manager at 
> > nkang at Microsoft dot com
> > 
> > -----Original Message-----
> > From: Andrew Bartlett [mailto:abartlet at samba.org]
> > Sent: Monday, February 2, 2015 8:42 PM
> > To: Obaid Farooqi
> > Cc: MSSolve Case Email; cifs-protocol at samba.org
> > Subject: Re: [cifs-protocol] Protocol changes in KB2992611 
> > [115012312316449]
> > 
> > On Tue, 2015-01-27 at 15:55 +1300, Andrew Bartlett wrote:
> > > I've got into our server with the (presumably) failing packet.  
> > > The client appears to have started requiring that 
> > > BACKUPKEY_BACKUP_GUID, ie the ServerWrap protocol 
> > > 7f752b10-178e-11d1-ab8f-00805f14db40
> > > actually work (we do not implement it yet).
> > > 
> > > Before this update, the client is happy for this to fail, now it 
> > > persists with continuing to contact the server, and having this 
> > > operation fail.  This repeats and repeats.
> > > 
> > > I'm also quite curious as to why an update in 2014 is moving 
> > > clients to require use of the RC4 based protocol, given all the 
> > > bad press that cyrpto had got.  This failure is just after a 
> > > successful call to the ClientWrap protocol, which should be much better.
> > > 
> > > I await your thoughts,
> > 
> > Any news on this?  I'm planning on making an implementation of the ServerWrap protocol, but it would help to know what actually changed, so I know if this is likely to help.
> > 
> > Thanks,
> > 
> > Andrew Bartlett
> > --
> > Andrew Bartlett
> > http://samba.org/~abartlet/
> > Authentication Developer, Samba Team  http://samba.org
> > Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba
> > 
> > 
> > 
> > 
> > 
> 

-- 
Andrew Bartlett                       http://samba.org/~abartlet/
Authentication Developer, Samba Team  http://samba.org
Samba Developer, Catalyst IT          http://catalyst.net.nz/services/samba

More information about the cifs-protocol mailing list